Page 22 - Cyber Defense eMagazine - November 2017
MALVERTISING - ADVERTISING, BUT WITH A HOOK
THAT HURTS, AND HURTS AGAIN
by Chris Olson, CEO of The Media Trust
Malvertising, a combination of malware and advertising, has more than doubled in the
past three years and is increasingly found on premium websites that are typically
whitelisted by enterprises for employee internet use. Malvertising is typically spread via
legitimate digital advertising services and packs a nasty, unexpected and frequently
unseen punch for visitors to a compromised website. The harm is palpable: it downloads
exploit kits, drops ransomware code, redirects to compromised landing pages, serves
fake pop-ups, presents a phishing-oriented form, and the list goes on.
Malvertising comes in many shapes and sizes: the majority of the time, malicious code
triggers auto-downloads of malware, and occasionally it requires user-initiated clicks. The
malware is also hard to detect, since it attacks only when certain conditions are met, for
example, if a website is accessed via mobile devices, or if a user from a specific
geography visits an infected webpage. Today, malvertising is designed to target
geographies, devices, browsers, behavior and even corporate IP blocks. Unfortunately,
evolving sophistication makes it a difficult beast to control. Its ability to penetrate
corporate networks highlights the fallibility of traditional security defenses such as blacklists,
whitelists, generic threat intelligence, AVs, web filters and firewalls.
Hiding in Plain Sight
Hackers use the digital ecosystem to hide malware in plain sight by hitching a ride with
legitimate advertising campaigns, and the result is a malvertising incident. That is what
makes it so stealthy and able to evade traditional enterprise security defenses.
Fake virus alerts and system updates delivering malicious exploit kits are ubiquitous in
today’s highly complex and dynamic digital ecosystem. But those tricks are easy to
see. In order to effectively deliver malware, threat actors have resorted to sophisticated
coding to evade detection. Increasingly, malware only executes when predetermined
conditions are met, i.e., geography, device, or user profile combinations. For example,
Lucy in London on a mobile device receives the malware but Bob in Boston on a laptop
does not. Furthermore, in order to accurately target and deliver malware to specific
endpoints and internet users, threat actors exploit the very technologies that website
owners utilize to deliver customized and personalized content to their users.
Some enterprises attempt to address malvertising by adopting ad blockers. While this
sounds like a great idea, it is not a reliable security defense since the ad code can
Copyright © 2017, Cyber Defense Magazine, All rights reserved worldwide.